mirror of
https://github.com/electron/electron.git
synced 2026-01-07 22:54:25 -05:00
75 lines
2.6 KiB
Plaintext
75 lines
2.6 KiB
Plaintext
// Copyright (c) 2025 Noah Gregory
|
|
// Use of this source code is governed by the MIT license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "shell/common/asar/integrity_digest.h"
|
|
|
|
#include <Foundation/Foundation.h>
|
|
|
|
#include <array>
|
|
#include <cstdint>
|
|
#include <span>
|
|
|
|
#include "base/strings/sys_string_conversions.h"
|
|
#include "crypto/hash.h"
|
|
|
|
namespace asar {
|
|
|
|
constexpr crypto::hash::HashKind kIntegrityDictionaryHashKind =
|
|
crypto::hash::HashKind::kSha256;
|
|
|
|
constexpr size_t kIntegrityDictionaryDigestSize =
|
|
DigestSizeForHashKind(kIntegrityDictionaryHashKind);
|
|
constexpr char kIntegrityDictionaryDigestSentinel[] =
|
|
"AGbevlPCksUGKNL8TSn7wGmJEuJsXb2A";
|
|
|
|
struct IntegrityDictionaryDigestSlot {
|
|
uint8_t sentinel[sizeof(kIntegrityDictionaryDigestSentinel) - 1];
|
|
uint8_t used;
|
|
uint8_t version;
|
|
uint8_t digest[kIntegrityDictionaryDigestSize];
|
|
};
|
|
|
|
constexpr IntegrityDictionaryDigestSlot MakeDigestSlot(
|
|
const char (&sentinel)[33]) {
|
|
IntegrityDictionaryDigestSlot slot{};
|
|
std::span<uint8_t, 32> slot_sentinel_span(slot.sentinel);
|
|
std::copy_n(sentinel, slot_sentinel_span.size(), slot_sentinel_span.begin());
|
|
slot.used = false; // to be set at package-time
|
|
slot.version = 0; // to be set at package-time
|
|
return slot;
|
|
}
|
|
|
|
__attribute__((section("__DATA_CONST,__asar_integrity"), used))
|
|
const volatile IntegrityDictionaryDigestSlot kIntegrityDictionaryDigest =
|
|
MakeDigestSlot(kIntegrityDictionaryDigestSentinel);
|
|
|
|
bool IsIntegrityDictionaryValid(NSDictionary* integrity) {
|
|
if (kIntegrityDictionaryDigest.used == false)
|
|
return true; // No digest to validate against, fail open
|
|
if (kIntegrityDictionaryDigest.version != 1)
|
|
return false; // Unknown version, fail closed
|
|
crypto::hash::Hasher integrity_hasher(kIntegrityDictionaryHashKind);
|
|
for (NSString *relative_path_key in
|
|
[[integrity allKeys] sortedArrayUsingComparator:^NSComparisonResult(
|
|
NSString* s1, NSString* s2) {
|
|
return [s1 compare:s2 options:NSLiteralSearch];
|
|
}]) {
|
|
NSDictionary* file_integrity = [integrity objectForKey:relative_path_key];
|
|
NSString* algorithm = [file_integrity objectForKey:@"algorithm"];
|
|
NSString* hash = [file_integrity objectForKey:@"hash"];
|
|
integrity_hasher.Update(base::SysNSStringToUTF8(relative_path_key));
|
|
integrity_hasher.Update(base::SysNSStringToUTF8(algorithm));
|
|
integrity_hasher.Update(base::SysNSStringToUTF8(hash));
|
|
}
|
|
std::array<uint8_t, kIntegrityDictionaryDigestSize> digest;
|
|
integrity_hasher.Finish(digest);
|
|
if (!std::equal(digest.begin(), digest.end(),
|
|
kIntegrityDictionaryDigest.digest)) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
} // namespace asar
|